\chapter{Introduction}
The world wide web provies more than just to provide informations in our days. So it's a common thing, that the web technology evolves. In the last 10 years, there have been big innovations for moving the world wide web from a network of textual informations into a plattform of nearly full-featured for applications. Technology like Flash, Silverlight or HTML5 extend massively the capabilities of a web application compared to simple HTML.
\\\\It's a common thing that innovation evolves sometimes into a standard. HTML5 tries to integrate the innovations made in Silverlight or Flash into a common standard. Part of this standard is the WebSocket communication model; with this method a bidirectional communication can be achieved between a client and a server.

\section{Intention of this work}
This work has the intention to provide an annotation based approach for setting up a websocket service provider. So it should be much more easier to set up a websocket-aware service by using spring. The handling of connection events disconnecting events or even the handling of the message itself should be transparent to the programmer. For the programmer on the first look, it seems he's working with objects and controllers on the local system.

\section{Organization of this work}
In this introductional chapter the reader should gather a first impression what goal this project should have and also which technological tools are used to achieve this goal. The following chapters should describe the implementation details and the progress which is made from milestone to milestone. After every milestone chapter a summary is provided with the tasks which have been completed and also which couldn't be completed and had to be postponed. The last chapter analyzes the reached goals and tries to make a forecast how the technology and this project is continued. 

\section{Project Organization}
The project itself is currently hosted on google code. Most of the project planning like the creation of issues is performed there. Also the SVN infrastructure of google code is used. Milestone releases can be downloaded seperatly if you don't want to use maven or the trunk.

\section{WebSocket}
The basic of the communiction in the WWW relies on the hypertext transfer protocol. Because in the early days of the WWW it only consists of simple text files, the communication protocol only haves to be able to pull data or to post data initiated by the client. There wasn't a need to send informations from the server to the client initiated by the server.
\\\\But in the year 2011, the web does more than just serving text files. Think of an application, which should always display the current stock exchange price of a particular index. With the traditional techniques, this could be only be achieved cyclic requesting the data from the server. The implications of this procedure are clear; changes are only fetched with the next poll. The server is also polled if there's no change in the data. Summarized, this method has the following problems:
\begin{itemize}
  \item 
\end{itemize}
\subsection{Bidirection Communication}
But how you can get over theese obstacles ment in the previous section? HTTP is a unidirectional protocol. For understanding how WebSockets work, let's first have a look how a normal HTTP request is performed.
\\\\HTML5 is still in a draft state; that means the specification made can be changed or overworked. So it can be, that the implementation work made today according to the standard, can violate against the standard in a few months.
\begin{figure}[H]
\begin{center} 
\fbox{ \includegraphics[width=1.0\textwidth]{bilder/websocketAblaufUS.png}}
\caption{Principle of a WebSocket}
\end{center}
\label{websocketAblauf} 
\end{figure} 
Most of the communication between the server and the client is comparable to a normal HTTP request. But the difference lies in the last step of the communication. In a normal HTTP-Request an HTTP-Close implies also a socket close. If the socket close operation is not performed, the socket remains open. When both sides know about this violation of the protocol, the scoket can be ``recycled''. But this technique is nothing new. The WebSocket protocol enhances this procedure with two main points:
\begin{itemize}
  \item 
\end{itemize}
With this two additions this kind of communication is standardized. So it's possible for proxy servers to recognize theese kind of connections or to handle them seperatly in a servlet engine.  

\subsection{Security Concerns}
Every new innovation which tries to overcome the boundaries of the current technology, you'll run into issues. That's also true for WebSockets. Lin-Shung Huang, Eric Y. Chen, Adam Barth, Eric Rescorla, and Collin Jackson demonstrated in their paper ``Transparent Proxies: Threat or Menace?''\cite{websocketProxyHole} that the use of WebSocket can compromise your enterprise security infrastructure.
\\\\Summarized, some transparent proxy servers interpret the content of a websocket connection and don't take care of the communication direction. So it's possible to read out informations from internal web servers with a primed site. The attack is demonstrated in the following graphic:
At first, a user in a network wants to visit site evil-websockets.net. Between the internet and the internal network is a transparent proxy server installed. 
\\\\Because a WebSocket connection performs in the initial step a HTTP-Request, it's registered at the transparent proxy. After the WebSocket Handshake is complete, the primed site sends via the established WebSocket a GET-Request. Most of the proxy servers interpret this request and execute them. The result is sent back to evil-site.com; the paper also did an empirical analysis how many proxy servers are vulnerable. Most of the common proxy server configurations out in the wild are prone to this kind of attack.  
 

\section{What are Annotitions?}
Annotations are a new feature in Java 5\cite{annotationsJava5}. Annotations are meta-informations, which can be used by the compiler or even by the runtime. With annotations it's easy to extend the behaviour of the compiler or as we see later for performing an abstraction from a framework. Annotations itself do not perform any action itself; annotations can be compared with a post-it note. On the post-it there are just some notes, but have to be interpreted by a human. Annotations are also just notes, they have to be processed by the compiler or the runtime.
\subsection{Using Annotations}
Annotations are as easy to use as post-it notes. Annotations are always attached to a method, field or a class. Because an annotation is a special type, it begins with an ``@'' sign. The most famous annotation is the ``@Override'' annotation. When this annotation is attached to a method, the compiler knows that in any interface or superclass has to be a declaration or implementation with the same signature as the annotated method. Let's have a look at a simple example:
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Example of using the override annotation}, captionpos=b]{}
...
public class Employee {
    private Name name;
...
    @Override
    public Name toString() {
        return this.name;
    }   
}
\end{lstlisting}
When this class is processed by the compiler, an error will be raised, because no matching signature is found in the superior class. Without the override-annotation, the class would have been compiled. So you can assure that an overriding of a method is going to be correct. But the existence of annotations opens Java to a new world as the introduction chapter will show. 
\\\\The override annotation is a predefined annotation by the JDK. But it's also possible to define own annotations. The declaration of annotations is as simple as the use of them. 
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Beispiel bestehendes Programm f\"ur Polling}, captionpos=b]{}

@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Test {
    String kind() default "integration";
    String author();
}
\end{lstlisting}
Imagine a developer wants to execute some tests in different stages in his project and also wants to documentate who has written a test. Also the annotated method should be executed automaticly by a tool. With that prerequisites the later usage should look like the following code snippet:
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Usage of @Test annotation}, captionpos=b]{}
public class TestContainer {
    @Test(kind="successful_compile", author="K. Reinhard")
    public static void testAuthentication() {
        ...
    }
    @Test(author="K. Reinhard")
    public static void testDatabaseConnectivity() {
        ...
    }
}
\end{lstlisting}  
Now for analysing annotations of a class and finally executing all methods with the Test-annotation, the following code snippet is used:
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Code for analysing the annotations and Execution}, captionpos=b]{}
   public static void main(String[] args) throws Exception {
      int passed = 0, failed = 0;
      for (Method m : Class.forName(args[0]).getMethods()) {
         if (m.isAnnotationPresent(Test.class)) {
            try {
               m.invoke(null);
               passed++;
            } catch (Throwable ex) {
               System.out.printf(
               "Test %s failed: %s %n", m, ex.getCause()
               );
               failed++;
            }
         }
      }
      System.out.printf("Passed: %d, Failed %d%n", passed, failed);
   }
\end{lstlisting} 
When reading the code, it should be come clear that the program iterates with the help of reflection over all methods declared in the specified class. In the next step it checks with the method ``isAnnotationPresent'' if there is the Test annotation. If so, the method will be invoked with no parameters. The try-catch block ensures that the method is executed properly. If not, the failed counter is increased.
\subsection{Processing Annotations in Spring}
It's also possible to process Spring beans. The most convient way to achieve this is to use a BeanPostProcessor and Reflection. For doing some postprocessing in Spring, implementing the interface ``BeanPostProcessor'' is sufficient. The interface is structured as followed:
\begin{figure}[H]
\begin{center} 
\fbox{ \includegraphics[width=0.5\textwidth]{bilder/interfaceBeanPostProcesser.png}}
\caption{Interface definition of BeanPostProcessor}
\end{center}
The method postProcessBeforeInitialization is executed before properties of a bean are filled. According to that, the method postProcessAfterInialization is executed after the properties are filled. Spring IoC scans for Beans which are implementing this interface; so it's not needed to register them explicit as a listener at an observer or something similiar. When annotations are also used for IoC a ``@Component'' annotation is sufficient for instanciating and automaticly registering the interface. 
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Processing Beans in Spring}, captionpos=b]{}
...
public class TestBeanProcessor implements BeanPostProcessor {
    public Object postProcessBeforeInitialization(Object bean,
            final String beanName) throws BeansException {
        // do here your magic
        return bean;        
    }
    
    public Object postProcessAfterInitialization(Object bean,
            final String beanName) throws BeansException {
        // do here your magic
        return bean;
    }
}
...
\end{lstlisting}
\label{websocketAblauf} 
\end{figure}
Now it's possible to reflect the bean - which is given as parameter - and look if there is a specific annotation. Looking backward at the ``@Test'' annotation, the scanning for the annotation works very similiar. But instead of working directly on a class, your working on an object. Let's see how annotations can be processed:
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Process Bean for Annotations}, captionpos=b]{}
...
    public Object postProcessAfterInitialization(Object bean,
            final String beanName) throws BeansException {
        if (bean.getClass().isAnnotationPresent(Test.class)) {
            ...
        }        
    }
...
\end{lstlisting} 
It should be clear, that with the help of the BeanPostProcessor interface an reflection checking for an annotation is not very complicated. Also, with the interface definition and Spring IoC the seperation of concern(in this case the scanning for annotations) can be solved very clean. Imagine if you want to scan for more than one annotation, the most convient way is to define for each annotation an own BeanPostProcessor. Applying this pattern, big if-else or switch-cases structures are avoided.
\section{Annotations in conjunction with Pojos}
\begin{quote}
``We[M. Fowler, R. Parsons, J. MacKenzie] wondered why people were so against using regular objects in their systems and concluded that it was because simple objects lacked a fancy name. So we gave them one, and it's caught on very nicely.''\cite{pojos}
\end{quote}
So, Fowler, Parsons and Mackenzie defined a nice sounding buzzword. But what means using a Pojo instead of a Class which is derived from a base class of a framework. Using Pojos in applications makes it more reusable. A Pojo is not bound to an explicit framework like Java EE\cite{javaEE}. So a Pojo describes a more general solution of a problem or representation of a data structure. The evolution of techniques and technology can't be ignored and after a while any application will be ported to new plattforms. Because Pojos are not bound to a certain framework or plattform, they can be easily reused.   

\subsection{Protect the freedom - Annotations}
To preserve objects of a class as a Pojo, the behaviour or their integration in the plattform has to be described anywhere. A common way is to describe e.g. the structure of an application via an XML file. For example, Spring beans can be described this way.
\\\\But a lot of programmers claim that XML files are complicate to write and totally overblown. That XML has a lot overhead can't be ignored and writing XML files by hand is sometimes a really annoying thing. A solution could be some graphical tools, but dependencies to certain tools are not really a solution. Even if it self-written it has to be maintained and to be documented.
\\\\A better solution is the annotation based configuration. Using annotations for example in the Spring framework is more compact than the corresponding XML file. Also the usage of annotation is assisted by IDEs because annotations are language integrated. Comparing a simple bean definition makes it clear, why more and more programmers prefer using annotations:
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Example bean configuration with XML file}, captionpos=b]{}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="
http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util-2.0.xsd">

    <bean id="myBean" class="de.hska.reka0011.TestClass"/>

</beans>
\end{lstlisting}
\lstset{emph={int,for},
stringstyle=\tt,
basicstyle=\tt,
numbers=left}
\begin{lstlisting}[frame=trb,caption={Example bean configuration with annotations}, captionpos=b]{}
@Component
public class TestClass {
...
}
\end{lstlisting}
Looking at the both code snippets and regarding the time consumed reading both examples, it should be clear, why most of the programmers prefer the annotational way. Using annotations is not as clean as the XML method for seperating from the framework. But it should be remarked, that a removal of annotations can be easily achieved with a simple regular expression and some (bash)-scripts.  
